google-cloud/auth-oidc 1.0.5

Authenticate to Google Cloud with OIDC and Workload Identity Federation

Parameters

| Parameter | Required | Default | Description |
| --- | --- | --- | --- |
| `oidc-token` | * | | The OIDC token that will be exchanged for temporary credentials (e.g. vaults.your-vault.oidc.your-token) |
| `workload-identity-provider` | * | | The full identifier of the Workload Identity Provider |
| `service-account` | | | The identifier of the Google Cloud service account which will be impersonated by the generated OIDC |
| `service-account-token-lifetime-seconds` | | | Lifetime duration of the service account access token in seconds |
| `audience` | | | The generated token's `aud` parameter, defaults to the value of `workload-identity-provider` |
| `project-id` | | | The default project to select once authenticated |
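
A token whose `aud` claim does not match the configured audience is a common reason a federation exchange is rejected. The following pre-flight check is an added example, not code from this leaf or from Mint: it assumes the OIDC token is a compact JWT and that its `aud` should equal the `audience` value (which, per the table above, defaults to `workload-identity-provider`). The function names and the sample provider identifier are constructed for illustration, and the claims are read without verifying the signature, so the result is diagnostic only.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(token, expected_audience, now=None):
    """List the reasons the token would not match the configured audience."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    # RFC 7519 allows `aud` to be a single string or a list of strings.
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if expected_audience not in audiences:
        problems.append(f"aud {audiences!r} does not include {expected_audience!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        problems.append("exp claim missing")
    elif exp <= now:
        problems.append("token expired")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.sig"


# Constructed placeholder identifier; substitute your own provider value.
PROVIDER = ("projects/123456789/locations/global/"
            "workloadIdentityPools/example-pool/providers/example-provider")

if __name__ == "__main__":
    good = make_sample_token({"aud": PROVIDER, "exp": 2_000_000_000})
    bad = make_sample_token({"aud": "some-other-audience", "exp": 1_000})
    print(preflight(good, PROVIDER, now=1_700_000_000))  # no problems
    print(preflight(bad, PROVIDER, now=1_700_000_000))   # wrong aud, expired
```

Avoid printing the raw token or full claims in CI logs; report only the mismatch.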

README.md

This leaf requires the Google Cloud CLI be installed. Mint provides the google-cloud/install-cli leaf.

To authenticate with Google Cloud using OIDC and direct Workload Identity Federation:

```yaml
tasks:
  - key: gcloud-login
    call: google-cloud/auth-oidc 1.0.5
    with:
      oidc-token: ${{ vaults.your-vault.oidc.gcp }}
      workload-identity-provider: ${{ vaults.your-vault.secrets.WORKLOAD_IDENTITY_PROVIDER }}
```

To authenticate with Google Cloud using OIDC and a Service Account:

```yaml
tasks:
  - key: gcloud-login
    call: google-cloud/auth-oidc 1.0.5
    with:
      oidc-token: ${{ vaults.your-vault.oidc.gcp }}
      workload-identity-provider: ${{ vaults.your-vault.secrets.WORKLOAD_IDENTITY_PROVIDER }}
      service-account: ${{ vaults.your-vault.secrets.SERVICE_ACCOUNT }}
```

A project-id may optionally be provided to select an active project for gcloud:

```yaml
tasks:
  - key: gcloud-login
    call: google-cloud/auth-oidc 1.0.5
    with:
      oidc-token: ${{ vaults.your-vault.oidc.gcp }}
      workload-identity-provider: ${{ vaults.your-vault.secrets.WORKLOAD_IDENTITY_PROVIDER }}
      project-id: identifier-of-my-project
```

For more information about Mint and OIDC, please see the Mint documentation.